search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
zdb: zero-pad checksum output follow up
[zfs.git] / lib / libzfs / libzfs_crypto.c
blob3ef88370108204491a72e3477be56da94e7edb2c
1 /*
2 * CDDL HEADER START
3 *
4 * This file and its contents are supplied under the terms of the
5 * Common Development and Distribution License ("CDDL"), version 1.0.
6 * You may only use this file in accordance with the terms of version
7 * 1.0 of the CDDL.
8 *
9 * A full copy of the text of the CDDL should have accompanied this
10 * source. A copy of the CDDL is also available via the Internet at
11 * http://www.illumos.org/license/CDDL.
12 *
13 * CDDL HEADER END
14 */
15
16 /*
17 * Copyright (c) 2017, Datto, Inc. All rights reserved.
18 * Copyright 2020 Joyent, Inc.
19 */
20
21 #include <sys/zfs_context.h>
22 #include <sys/fs/zfs.h>
23 #include <sys/dsl_crypt.h>
24 #include <libintl.h>
25 #include <termios.h>
26 #include <signal.h>
27 #include <errno.h>
28 #include <openssl/evp.h>
29 #if LIBFETCH_DYNAMIC
30 #include <dlfcn.h>
31 #endif
32 #if LIBFETCH_IS_FETCH
33 #include <sys/param.h>
34 #include <stdio.h>
35 #include <fetch.h>
36 #elif LIBFETCH_IS_LIBCURL
37 #include <curl/curl.h>
38 #endif
39 #include <libzfs.h>
40 #include "libzfs_impl.h"
41 #include "zfeature_common.h"
42
43 /*
44 * User keys are used to decrypt the master encryption keys of a dataset. This
45 * indirection allows a user to change his / her access key without having to
46 * re-encrypt the entire dataset. User keys can be provided in one of several
47 * ways. Raw keys are simply given to the kernel as is. Similarly, hex keys
48 * are converted to binary and passed into the kernel. Password based keys are
49 * a bit more complicated. Passwords alone do not provide suitable entropy for
50 * encryption and may be too short or too long to be used. In order to derive
51 * a more appropriate key we use a PBKDF2 function. This function is designed
52 * to take a (relatively) long time to calculate in order to discourage
53 * attackers from guessing from a list of common passwords. PBKDF2 requires
54 * 2 additional parameters. The first is the number of iterations to run, which
55 * will ultimately determine how long it takes to derive the resulting key from
56 * the password. The second parameter is a salt that is randomly generated for
57 * each dataset. The salt is used to "tweak" PBKDF2 such that a group of
58 * attackers cannot reasonably generate a table of commonly known passwords to
59 * their output keys and expect it work for all past and future PBKDF2 users.
60 * We store the salt as a hidden property of the dataset (although it is
61 * technically ok if the salt is known to the attacker).
62 */
63
64 #define MIN_PASSPHRASE_LEN 8
65 #define MAX_PASSPHRASE_LEN 512
66 #define MAX_KEY_PROMPT_ATTEMPTS 3
67
68 static int caught_interrupt;
69
70 static int get_key_material_file(libzfs_handle_t *, const char *, const char *,
71 zfs_keyformat_t, boolean_t, uint8_t **, size_t *);
72 static int get_key_material_https(libzfs_handle_t *, const char *, const char *,
73 zfs_keyformat_t, boolean_t, uint8_t **, size_t *);
74
75 static zfs_uri_handler_t uri_handlers[] = {
76 { "file", get_key_material_file },
77 { "https", get_key_material_https },
78 { "http", get_key_material_https },
79 { NULL, NULL }
80 };
81
82 static int
83 pkcs11_get_urandom(uint8_t *buf, size_t bytes)
84 {
85 int rand;
86 ssize_t bytes_read = 0;
87
88 rand = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
89
90 if (rand < 0)
91 return (rand);
92
93 while (bytes_read < bytes) {
94 ssize_t rc = read(rand, buf + bytes_read, bytes - bytes_read);
95 if (rc < 0)
96 break;
97 bytes_read += rc;
98 }
99
100 (void) close(rand);
101
102 return (bytes_read);
103 }
104
105 static int
106 zfs_prop_parse_keylocation(libzfs_handle_t *restrict hdl, const char *str,
107 zfs_keylocation_t *restrict locp, char **restrict schemep)
108 {
109 *locp = ZFS_KEYLOCATION_NONE;
110 *schemep = NULL;
111
112 if (strcmp("prompt", str) == 0) {
113 *locp = ZFS_KEYLOCATION_PROMPT;
114 return (0);
115 }
116
117 regmatch_t pmatch[2];
118
119 if (regexec(&hdl->libzfs_urire, str, ARRAY_SIZE(pmatch),
120 pmatch, 0) == 0) {
121 size_t scheme_len;
122
123 if (pmatch[1].rm_so == -1) {
124 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
125 "Invalid URI"));
126 return (EINVAL);
127 }
128
129 scheme_len = pmatch[1].rm_eo - pmatch[1].rm_so;
130
131 *schemep = calloc(1, scheme_len + 1);
132 if (*schemep == NULL) {
133 int ret = errno;
134
135 errno = 0;
136 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
137 "Invalid URI"));
138 return (ret);
139 }
140
141 (void) memcpy(*schemep, str + pmatch[1].rm_so, scheme_len);
142 *locp = ZFS_KEYLOCATION_URI;
143 return (0);
144 }
145
146 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "Invalid keylocation"));
147 return (EINVAL);
148 }
149
150 static int
151 hex_key_to_raw(char *hex, int hexlen, uint8_t *out)
152 {
153 int ret, i;
154 unsigned int c;
155
156 for (i = 0; i < hexlen; i += 2) {
157 if (!isxdigit(hex[i]) || !isxdigit(hex[i + 1])) {
158 ret = EINVAL;
159 goto error;
160 }
161
162 ret = sscanf(&hex[i], "%02x", &c);
163 if (ret != 1) {
164 ret = EINVAL;
165 goto error;
166 }
167
168 out[i / 2] = c;
169 }
170
171 return (0);
172
173 error:
174 return (ret);
175 }
176
177
178 static void
179 catch_signal(int sig)
180 {
181 caught_interrupt = sig;
182 }
183
184 static const char *
185 get_format_prompt_string(zfs_keyformat_t format)
186 {
187 switch (format) {
188 case ZFS_KEYFORMAT_RAW:
189 return ("raw key");
190 case ZFS_KEYFORMAT_HEX:
191 return ("hex key");
192 case ZFS_KEYFORMAT_PASSPHRASE:
193 return ("passphrase");
194 default:
195 /* shouldn't happen */
196 return (NULL);
197 }
198 }
199
200 /* do basic validation of the key material */
201 static int
202 validate_key(libzfs_handle_t *hdl, zfs_keyformat_t keyformat,
203 const char *key, size_t keylen, boolean_t do_verify)
204 {
205 switch (keyformat) {
206 case ZFS_KEYFORMAT_RAW:
207 /* verify the key length is correct */
208 if (keylen < WRAPPING_KEY_LEN) {
209 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
210 "Raw key too short (expected %u)."),
211 WRAPPING_KEY_LEN);
212 return (EINVAL);
213 }
214
215 if (keylen > WRAPPING_KEY_LEN) {
216 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
217 "Raw key too long (expected %u)."),
218 WRAPPING_KEY_LEN);
219 return (EINVAL);
220 }
221 break;
222 case ZFS_KEYFORMAT_HEX:
223 /* verify the key length is correct */
224 if (keylen < WRAPPING_KEY_LEN * 2) {
225 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
226 "Hex key too short (expected %u)."),
227 WRAPPING_KEY_LEN * 2);
228 return (EINVAL);
229 }
230
231 if (keylen > WRAPPING_KEY_LEN * 2) {
232 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
233 "Hex key too long (expected %u)."),
234 WRAPPING_KEY_LEN * 2);
235 return (EINVAL);
236 }
237
238 /* check for invalid hex digits */
239 for (size_t i = 0; i < WRAPPING_KEY_LEN * 2; i++) {
240 if (!isxdigit(key[i])) {
241 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
242 "Invalid hex character detected."));
243 return (EINVAL);
244 }
245 }
246 break;
247 case ZFS_KEYFORMAT_PASSPHRASE:
248 /*
249 * Verify the length is within bounds when setting a new key,
250 * but not when loading an existing key.
251 */
252 if (!do_verify)
253 break;
254 if (keylen > MAX_PASSPHRASE_LEN) {
255 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
256 "Passphrase too long (max %u)."),
257 MAX_PASSPHRASE_LEN);
258 return (EINVAL);
259 }
260
261 if (keylen < MIN_PASSPHRASE_LEN) {
262 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
263 "Passphrase too short (min %u)."),
264 MIN_PASSPHRASE_LEN);
265 return (EINVAL);
266 }
267 break;
268 default:
269 /* can't happen, checked above */
270 break;
271 }
272
273 return (0);
274 }
275
276 static int
277 libzfs_getpassphrase(zfs_keyformat_t keyformat, boolean_t is_reenter,
278 boolean_t new_key, const char *fsname,
279 char **restrict res, size_t *restrict reslen)
280 {
281 FILE *f = stdin;
282 size_t buflen = 0;
283 ssize_t bytes;
284 int ret = 0;
285 struct termios old_term, new_term;
286 struct sigaction act, osigint, osigtstp;
287
288 *res = NULL;
289 *reslen = 0;
290
291 /*
292 * handle SIGINT and ignore SIGSTP. This is necessary to
293 * restore the state of the terminal.
294 */
295 caught_interrupt = 0;
296 act.sa_flags = 0;
297 (void) sigemptyset(&act.sa_mask);
298 act.sa_handler = catch_signal;
299
300 (void) sigaction(SIGINT, &act, &osigint);
301 act.sa_handler = SIG_IGN;
302 (void) sigaction(SIGTSTP, &act, &osigtstp);
303
304 (void) printf("%s %s%s",
305 is_reenter ? "Re-enter" : "Enter",
306 new_key ? "new " : "",
307 get_format_prompt_string(keyformat));
308 if (fsname != NULL)
309 (void) printf(" for '%s'", fsname);
310 (void) fputc(':', stdout);
311 (void) fflush(stdout);
312
313 /* disable the terminal echo for key input */
314 (void) tcgetattr(fileno(f), &old_term);
315
316 new_term = old_term;
317 new_term.c_lflag &= ~(ECHO | ECHOE | ECHOK | ECHONL);
318
319 ret = tcsetattr(fileno(f), TCSAFLUSH, &new_term);
320 if (ret != 0) {
321 ret = errno;
322 errno = 0;
323 goto out;
324 }
325
326 bytes = getline(res, &buflen, f);
327 if (bytes < 0) {
328 ret = errno;
329 errno = 0;
330 goto out;
331 }
332
333 /* trim the ending newline if it exists */
334 if (bytes > 0 && (*res)[bytes - 1] == '\n') {
335 (*res)[bytes - 1] = '\0';
336 bytes--;
337 }
338
339 *reslen = bytes;
340
341 out:
342 /* reset the terminal */
343 (void) tcsetattr(fileno(f), TCSAFLUSH, &old_term);
344 (void) sigaction(SIGINT, &osigint, NULL);
345 (void) sigaction(SIGTSTP, &osigtstp, NULL);
346
347 /* if we caught a signal, re-throw it now */
348 if (caught_interrupt != 0)
349 (void) kill(getpid(), caught_interrupt);
350
351 /* print the newline that was not echo'd */
352 (void) printf("\n");
353
354 return (ret);
355 }
356
357 static int
358 get_key_interactive(libzfs_handle_t *restrict hdl, const char *fsname,
359 zfs_keyformat_t keyformat, boolean_t confirm_key, boolean_t newkey,
360 uint8_t **restrict outbuf, size_t *restrict len_out)
361 {
362 char *buf = NULL, *buf2 = NULL;
363 size_t buflen = 0, buf2len = 0;
364 int ret = 0;
365
366 ASSERT(isatty(fileno(stdin)));
367
368 /* raw keys cannot be entered on the terminal */
369 if (keyformat == ZFS_KEYFORMAT_RAW) {
370 ret = EINVAL;
371 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
372 "Cannot enter raw keys on the terminal"));
373 goto out;
374 }
375
376 /* prompt for the key */
377 if ((ret = libzfs_getpassphrase(keyformat, B_FALSE, newkey, fsname,
378 &buf, &buflen)) != 0) {
379 free(buf);
380 buf = NULL;
381 buflen = 0;
382 goto out;
383 }
384
385 if (!confirm_key)
386 goto out;
387
388 if ((ret = validate_key(hdl, keyformat, buf, buflen, confirm_key)) !=
389 0) {
390 free(buf);
391 return (ret);
392 }
393
394 ret = libzfs_getpassphrase(keyformat, B_TRUE, newkey, fsname, &buf2,
395 &buf2len);
396 if (ret != 0) {
397 free(buf);
398 free(buf2);
399 buf = buf2 = NULL;
400 buflen = buf2len = 0;
401 goto out;
402 }
403
404 if (buflen != buf2len || strcmp(buf, buf2) != 0) {
405 free(buf);
406 buf = NULL;
407 buflen = 0;
408
409 ret = EINVAL;
410 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
411 "Provided keys do not match."));
412 }
413
414 free(buf2);
415
416 out:
417 *outbuf = (uint8_t *)buf;
418 *len_out = buflen;
419 return (ret);
420 }
421
422 static int
423 get_key_material_raw(FILE *fd, zfs_keyformat_t keyformat,
424 uint8_t **buf, size_t *len_out)
425 {
426 int ret = 0;
427 size_t buflen = 0;
428
429 *len_out = 0;
430
431 /* read the key material */
432 if (keyformat != ZFS_KEYFORMAT_RAW) {
433 ssize_t bytes;
434
435 bytes = getline((char **)buf, &buflen, fd);
436 if (bytes < 0) {
437 ret = errno;
438 errno = 0;
439 goto out;
440 }
441
442 /* trim the ending newline if it exists */
443 if (bytes > 0 && (*buf)[bytes - 1] == '\n') {
444 (*buf)[bytes - 1] = '\0';
445 bytes--;
446 }
447
448 *len_out = bytes;
449 } else {
450 size_t n;
451
452 /*
453 * Raw keys may have newline characters in them and so can't
454 * use getline(). Here we attempt to read 33 bytes so that we
455 * can properly check the key length (the file should only have
456 * 32 bytes).
457 */
458 *buf = malloc((WRAPPING_KEY_LEN + 1) * sizeof (uint8_t));
459 if (*buf == NULL) {
460 ret = ENOMEM;
461 goto out;
462 }
463
464 n = fread(*buf, 1, WRAPPING_KEY_LEN + 1, fd);
465 if (n == 0 || ferror(fd)) {
466 /* size errors are handled by the calling function */
467 free(*buf);
468 *buf = NULL;
469 ret = errno;
470 errno = 0;
471 goto out;
472 }
473
474 *len_out = n;
475 }
476 out:
477 return (ret);
478 }
479
480 static int
481 get_key_material_file(libzfs_handle_t *hdl, const char *uri,
482 const char *fsname, zfs_keyformat_t keyformat, boolean_t newkey,
483 uint8_t **restrict buf, size_t *restrict len_out)
484 {
485 (void) fsname, (void) newkey;
486 FILE *f = NULL;
487 int ret = 0;
488
489 if (strlen(uri) < 7)
490 return (EINVAL);
491
492 if ((f = fopen(uri + 7, "re")) == NULL) {
493 ret = errno;
494 errno = 0;
495 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
496 "Failed to open key material file: %s"), strerror(ret));
497 return (ret);
498 }
499
500 ret = get_key_material_raw(f, keyformat, buf, len_out);
501
502 (void) fclose(f);
503
504 return (ret);
505 }
506
507 static int
508 get_key_material_https(libzfs_handle_t *hdl, const char *uri,
509 const char *fsname, zfs_keyformat_t keyformat, boolean_t newkey,
510 uint8_t **restrict buf, size_t *restrict len_out)
511 {
512 (void) fsname, (void) newkey;
513 int ret = 0;
514 FILE *key = NULL;
515 boolean_t is_http = strncmp(uri, "http:", strlen("http:")) == 0;
516
517 if (strlen(uri) < (is_http ? 7 : 8)) {
518 ret = EINVAL;
519 goto end;
520 }
521
522 #if LIBFETCH_DYNAMIC
523 #define LOAD_FUNCTION(func) \
524 __typeof__(func) *func = dlsym(hdl->libfetch, #func);
525
526 if (hdl->libfetch == NULL)
527 hdl->libfetch = dlopen(LIBFETCH_SONAME, RTLD_LAZY);
528
529 if (hdl->libfetch == NULL) {
530 hdl->libfetch = (void *)-1;
531 char *err = dlerror();
532 if (err)
533 hdl->libfetch_load_error = strdup(err);
534 }
535
536 if (hdl->libfetch == (void *)-1) {
537 ret = ENOSYS;
538 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
539 "Couldn't load %s: %s"),
540 LIBFETCH_SONAME, hdl->libfetch_load_error ?: "(?)");
541 goto end;
542 }
543
544 boolean_t ok;
545 #if LIBFETCH_IS_FETCH
546 LOAD_FUNCTION(fetchGetURL);
547 char *fetchLastErrString = dlsym(hdl->libfetch, "fetchLastErrString");
548
549 ok = fetchGetURL && fetchLastErrString;
550 #elif LIBFETCH_IS_LIBCURL
551 LOAD_FUNCTION(curl_easy_init);
552 LOAD_FUNCTION(curl_easy_setopt);
553 LOAD_FUNCTION(curl_easy_perform);
554 LOAD_FUNCTION(curl_easy_cleanup);
555 LOAD_FUNCTION(curl_easy_strerror);
556 LOAD_FUNCTION(curl_easy_getinfo);
557
558 ok = curl_easy_init && curl_easy_setopt && curl_easy_perform &&
559 curl_easy_cleanup && curl_easy_strerror && curl_easy_getinfo;
560 #endif
561 if (!ok) {
562 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
563 "keylocation=%s back-end %s missing symbols."),
564 is_http ? "http://" : "https://", LIBFETCH_SONAME);
565 ret = ENOSYS;
566 goto end;
567 }
568 #endif
569
570 #if LIBFETCH_IS_FETCH
571 key = fetchGetURL(uri, "");
572 if (key == NULL) {
573 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
574 "Couldn't GET %s: %s"),
575 uri, fetchLastErrString);
576 ret = ENETDOWN;
577 }
578 #elif LIBFETCH_IS_LIBCURL
579 CURL *curl = curl_easy_init();
580 if (curl == NULL) {
581 ret = ENOTSUP;
582 goto end;
583 }
584
585 int kfd = -1;
586 #ifdef O_TMPFILE
587 kfd = open(getenv("TMPDIR") ?: "/tmp",
588 O_RDWR | O_TMPFILE | O_EXCL | O_CLOEXEC, 0600);
589 if (kfd != -1)
590 goto kfdok;
591 #endif
592
593 char *path;
594 if (asprintf(&path,
595 "%s/libzfs-XXXXXXXX.https", getenv("TMPDIR") ?: "/tmp") == -1) {
596 ret = ENOMEM;
597 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "%s"),
598 strerror(ret));
599 goto end;
600 }
601
602 kfd = mkostemps(path, strlen(".https"), O_CLOEXEC);
603 if (kfd == -1) {
604 ret = errno;
605 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
606 "Couldn't create temporary file %s: %s"),
607 path, strerror(ret));
608 free(path);
609 goto end;
610 }
611 (void) unlink(path);
612 free(path);
613
614 kfdok:
615 if ((key = fdopen(kfd, "r+")) == NULL) {
616 ret = errno;
617 (void) close(kfd);
618 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
619 "Couldn't reopen temporary file: %s"), strerror(ret));
620 goto end;
621 }
622
623 char errbuf[CURL_ERROR_SIZE] = "";
624 char *cainfo = getenv("SSL_CA_CERT_FILE"); /* matches fetch(3) */
625 char *capath = getenv("SSL_CA_CERT_PATH"); /* matches fetch(3) */
626 char *clcert = getenv("SSL_CLIENT_CERT_FILE"); /* matches fetch(3) */
627 char *clkey = getenv("SSL_CLIENT_KEY_FILE"); /* matches fetch(3) */
628 (void) curl_easy_setopt(curl, CURLOPT_URL, uri);
629 (void) curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1L);
630 (void) curl_easy_setopt(curl, CURLOPT_TIMEOUT_MS, 30000L);
631 (void) curl_easy_setopt(curl, CURLOPT_WRITEDATA, key);
632 (void) curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, errbuf);
633 if (cainfo != NULL)
634 (void) curl_easy_setopt(curl, CURLOPT_CAINFO, cainfo);
635 if (capath != NULL)
636 (void) curl_easy_setopt(curl, CURLOPT_CAPATH, capath);
637 if (clcert != NULL)
638 (void) curl_easy_setopt(curl, CURLOPT_SSLCERT, clcert);
639 if (clkey != NULL)
640 (void) curl_easy_setopt(curl, CURLOPT_SSLKEY, clkey);
641
642 CURLcode res = curl_easy_perform(curl);
643
644 if (res != CURLE_OK) {
645 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
646 "Failed to connect to %s: %s"),
647 uri, strlen(errbuf) ? errbuf : curl_easy_strerror(res));
648 ret = ENETDOWN;
649 } else {
650 long resp = 200;
651 (void) curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &resp);
652
653 if (resp < 200 || resp >= 300) {
654 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
655 "Couldn't GET %s: %ld"),
656 uri, resp);
657 ret = ENOENT;
658 } else
659 rewind(key);
660 }
661
662 curl_easy_cleanup(curl);
663 #else
664 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
665 "No keylocation=%s back-end."), is_http ? "http://" : "https://");
666 ret = ENOSYS;
667 #endif
668
669 end:
670 if (ret == 0)
671 ret = get_key_material_raw(key, keyformat, buf, len_out);
672
673 if (key != NULL)
674 fclose(key);
675
676 return (ret);
677 }
678
679 /*
680 * Attempts to fetch key material, no matter where it might live. The key
681 * material is allocated and returned in km_out. *can_retry_out will be set
682 * to B_TRUE if the user is providing the key material interactively, allowing
683 * for re-entry attempts.
684 */
685 static int
686 get_key_material(libzfs_handle_t *hdl, boolean_t do_verify, boolean_t newkey,
687 zfs_keyformat_t keyformat, const char *keylocation, const char *fsname,
688 uint8_t **km_out, size_t *kmlen_out, boolean_t *can_retry_out)
689 {
690 int ret;
691 zfs_keylocation_t keyloc = ZFS_KEYLOCATION_NONE;
692 uint8_t *km = NULL;
693 size_t kmlen = 0;
694 char *uri_scheme = NULL;
695 zfs_uri_handler_t *handler = NULL;
696 boolean_t can_retry = B_FALSE;
697
698 /* verify and parse the keylocation */
699 ret = zfs_prop_parse_keylocation(hdl, keylocation, &keyloc,
700 &uri_scheme);
701 if (ret != 0)
702 goto error;
703
704 /* open the appropriate file descriptor */
705 switch (keyloc) {
706 case ZFS_KEYLOCATION_PROMPT:
707 if (isatty(fileno(stdin))) {
708 can_retry = keyformat != ZFS_KEYFORMAT_RAW;
709 ret = get_key_interactive(hdl, fsname, keyformat,
710 do_verify, newkey, &km, &kmlen);
711 } else {
712 /* fetch the key material into the buffer */
713 ret = get_key_material_raw(stdin, keyformat, &km,
714 &kmlen);
715 }
716
717 if (ret != 0)
718 goto error;
719
720 break;
721 case ZFS_KEYLOCATION_URI:
722 ret = ENOTSUP;
723
724 for (handler = uri_handlers; handler->zuh_scheme != NULL;
725 handler++) {
726 if (strcmp(handler->zuh_scheme, uri_scheme) != 0)
727 continue;
728
729 if ((ret = handler->zuh_handler(hdl, keylocation,
730 fsname, keyformat, newkey, &km, &kmlen)) != 0)
731 goto error;
732
733 break;
734 }
735
736 if (ret == ENOTSUP) {
737 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
738 "URI scheme is not supported"));
739 goto error;
740 }
741
742 break;
743 default:
744 ret = EINVAL;
745 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
746 "Invalid keylocation."));
747 goto error;
748 }
749
750 if ((ret = validate_key(hdl, keyformat, (const char *)km, kmlen,
751 do_verify)) != 0)
752 goto error;
753
754 *km_out = km;
755 *kmlen_out = kmlen;
756 if (can_retry_out != NULL)
757 *can_retry_out = can_retry;
758
759 free(uri_scheme);
760 return (0);
761
762 error:
763 free(km);
764
765 *km_out = NULL;
766 *kmlen_out = 0;
767
768 if (can_retry_out != NULL)
769 *can_retry_out = can_retry;
770
771 free(uri_scheme);
772 return (ret);
773 }
774
775 static int
776 derive_key(libzfs_handle_t *hdl, zfs_keyformat_t format, uint64_t iters,
777 uint8_t *key_material, uint64_t salt,
778 uint8_t **key_out)
779 {
780 int ret;
781 uint8_t *key;
782
783 *key_out = NULL;
784
785 key = zfs_alloc(hdl, WRAPPING_KEY_LEN);
786
787 switch (format) {
788 case ZFS_KEYFORMAT_RAW:
789 memcpy(key, key_material, WRAPPING_KEY_LEN);
790 break;
791 case ZFS_KEYFORMAT_HEX:
792 ret = hex_key_to_raw((char *)key_material,
793 WRAPPING_KEY_LEN * 2, key);
794 if (ret != 0) {
795 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
796 "Invalid hex key provided."));
797 goto error;
798 }
799 break;
800 case ZFS_KEYFORMAT_PASSPHRASE:
801 salt = LE_64(salt);
802
803 ret = PKCS5_PBKDF2_HMAC_SHA1((char *)key_material,
804 strlen((char *)key_material), ((uint8_t *)&salt),
805 sizeof (uint64_t), iters, WRAPPING_KEY_LEN, key);
806 if (ret != 1) {
807 ret = EIO;
808 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
809 "Failed to generate key from passphrase."));
810 goto error;
811 }
812 break;
813 default:
814 ret = EINVAL;
815 goto error;
816 }
817
818 *key_out = key;
819 return (0);
820
821 error:
822 free(key);
823
824 *key_out = NULL;
825 return (ret);
826 }
827
828 static boolean_t
829 encryption_feature_is_enabled(zpool_handle_t *zph)
830 {
831 nvlist_t *features;
832 uint64_t feat_refcount;
833
834 /* check that features can be enabled */
835 if (zpool_get_prop_int(zph, ZPOOL_PROP_VERSION, NULL)
836 < SPA_VERSION_FEATURES)
837 return (B_FALSE);
838
839 /* check for crypto feature */
840 features = zpool_get_features(zph);
841 if (!features || nvlist_lookup_uint64(features,
842 spa_feature_table[SPA_FEATURE_ENCRYPTION].fi_guid,
843 &feat_refcount) != 0)
844 return (B_FALSE);
845
846 return (B_TRUE);
847 }
848
849 static int
850 populate_create_encryption_params_nvlists(libzfs_handle_t *hdl,
851 zfs_handle_t *zhp, boolean_t newkey, zfs_keyformat_t keyformat,
852 const char *keylocation, nvlist_t *props, uint8_t **wkeydata,
853 uint_t *wkeylen)
854 {
855 int ret;
856 uint64_t iters = 0, salt = 0;
857 uint8_t *key_material = NULL;
858 size_t key_material_len = 0;
859 uint8_t *key_data = NULL;
860 const char *fsname = (zhp) ? zfs_get_name(zhp) : NULL;
861
862 /* get key material from keyformat and keylocation */
863 ret = get_key_material(hdl, B_TRUE, newkey, keyformat, keylocation,
864 fsname, &key_material, &key_material_len, NULL);
865 if (ret != 0)
866 goto error;
867
868 /* passphrase formats require a salt and pbkdf2 iters property */
869 if (keyformat == ZFS_KEYFORMAT_PASSPHRASE) {
870 /* always generate a new salt */
871 ret = pkcs11_get_urandom((uint8_t *)&salt, sizeof (uint64_t));
872 if (ret != sizeof (uint64_t)) {
873 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
874 "Failed to generate salt."));
875 goto error;
876 }
877
878 ret = nvlist_add_uint64(props,
879 zfs_prop_to_name(ZFS_PROP_PBKDF2_SALT), salt);
880 if (ret != 0) {
881 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
882 "Failed to add salt to properties."));
883 goto error;
884 }
885
886 /*
887 * If not otherwise specified, use the default number of
888 * pbkdf2 iterations. If specified, we have already checked
889 * that the given value is greater than MIN_PBKDF2_ITERATIONS
890 * during zfs_valid_proplist().
891 */
892 ret = nvlist_lookup_uint64(props,
893 zfs_prop_to_name(ZFS_PROP_PBKDF2_ITERS), &iters);
894 if (ret == ENOENT) {
895 iters = DEFAULT_PBKDF2_ITERATIONS;
896 ret = nvlist_add_uint64(props,
897 zfs_prop_to_name(ZFS_PROP_PBKDF2_ITERS), iters);
898 if (ret != 0)
899 goto error;
900 } else if (ret != 0) {
901 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
902 "Failed to get pbkdf2 iterations."));
903 goto error;
904 }
905 } else {
906 /* check that pbkdf2iters was not specified by the user */
907 ret = nvlist_lookup_uint64(props,
908 zfs_prop_to_name(ZFS_PROP_PBKDF2_ITERS), &iters);
909 if (ret == 0) {
910 ret = EINVAL;
911 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
912 "Cannot specify pbkdf2iters with a non-passphrase "
913 "keyformat."));
914 goto error;
915 }
916 }
917
918 /* derive a key from the key material */
919 ret = derive_key(hdl, keyformat, iters, key_material, salt, &key_data);
920 if (ret != 0)
921 goto error;
922
923 free(key_material);
924
925 *wkeydata = key_data;
926 *wkeylen = WRAPPING_KEY_LEN;
927 return (0);
928
929 error:
930 if (key_material != NULL)
931 free(key_material);
932 if (key_data != NULL)
933 free(key_data);
934
935 *wkeydata = NULL;
936 *wkeylen = 0;
937 return (ret);
938 }
939
940 static boolean_t
941 proplist_has_encryption_props(nvlist_t *props)
942 {
943 int ret;
944 uint64_t intval;
945 char *strval;
946
947 ret = nvlist_lookup_uint64(props,
948 zfs_prop_to_name(ZFS_PROP_ENCRYPTION), &intval);
949 if (ret == 0 && intval != ZIO_CRYPT_OFF)
950 return (B_TRUE);
951
952 ret = nvlist_lookup_string(props,
953 zfs_prop_to_name(ZFS_PROP_KEYLOCATION), &strval);
954 if (ret == 0 && strcmp(strval, "none") != 0)
955 return (B_TRUE);
956
957 ret = nvlist_lookup_uint64(props,
958 zfs_prop_to_name(ZFS_PROP_KEYFORMAT), &intval);
959 if (ret == 0)
960 return (B_TRUE);
961
962 ret = nvlist_lookup_uint64(props,
963 zfs_prop_to_name(ZFS_PROP_PBKDF2_ITERS), &intval);
964 if (ret == 0)
965 return (B_TRUE);
966
967 return (B_FALSE);
968 }
969
970 int
971 zfs_crypto_get_encryption_root(zfs_handle_t *zhp, boolean_t *is_encroot,
972 char *buf)
973 {
974 int ret;
975 char prop_encroot[MAXNAMELEN];
976
977 /* if the dataset isn't encrypted, just return */
978 if (zfs_prop_get_int(zhp, ZFS_PROP_ENCRYPTION) == ZIO_CRYPT_OFF) {
979 *is_encroot = B_FALSE;
980 if (buf != NULL)
981 buf[0] = '\0';
982 return (0);
983 }
984
985 ret = zfs_prop_get(zhp, ZFS_PROP_ENCRYPTION_ROOT, prop_encroot,
986 sizeof (prop_encroot), NULL, NULL, 0, B_TRUE);
987 if (ret != 0) {
988 *is_encroot = B_FALSE;
989 if (buf != NULL)
990 buf[0] = '\0';
991 return (ret);
992 }
993
994 *is_encroot = strcmp(prop_encroot, zfs_get_name(zhp)) == 0;
995 if (buf != NULL)
996 strcpy(buf, prop_encroot);
997
998 return (0);
999 }
1000
1001 int
1002 zfs_crypto_create(libzfs_handle_t *hdl, char *parent_name, nvlist_t *props,
1003 nvlist_t *pool_props, boolean_t stdin_available, uint8_t **wkeydata_out,
1004 uint_t *wkeylen_out)
1005 {
1006 int ret;
1007 char errbuf[ERRBUFLEN];
1008 uint64_t crypt = ZIO_CRYPT_INHERIT, pcrypt = ZIO_CRYPT_INHERIT;
1009 uint64_t keyformat = ZFS_KEYFORMAT_NONE;
1010 char *keylocation = NULL;
1011 zfs_handle_t *pzhp = NULL;
1012 uint8_t *wkeydata = NULL;
1013 uint_t wkeylen = 0;
1014 boolean_t local_crypt = B_TRUE;
1015
1016 (void) snprintf(errbuf, sizeof (errbuf),
1017 dgettext(TEXT_DOMAIN, "Encryption create error"));
1018
1019 /* lookup crypt from props */
1020 ret = nvlist_lookup_uint64(props,
1021 zfs_prop_to_name(ZFS_PROP_ENCRYPTION), &crypt);
1022 if (ret != 0)
1023 local_crypt = B_FALSE;
1024
1025 /* lookup key location and format from props */
1026 (void) nvlist_lookup_uint64(props,
1027 zfs_prop_to_name(ZFS_PROP_KEYFORMAT), &keyformat);
1028 (void) nvlist_lookup_string(props,
1029 zfs_prop_to_name(ZFS_PROP_KEYLOCATION), &keylocation);
1030
1031 if (parent_name != NULL) {
1032 /* get a reference to parent dataset */
1033 pzhp = make_dataset_handle(hdl, parent_name);
1034 if (pzhp == NULL) {
1035 ret = ENOENT;
1036 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1037 "Failed to lookup parent."));
1038 goto out;
1039 }
1040
1041 /* Lookup parent's crypt */
1042 pcrypt = zfs_prop_get_int(pzhp, ZFS_PROP_ENCRYPTION);
1043
1044 /* Params require the encryption feature */
1045 if (!encryption_feature_is_enabled(pzhp->zpool_hdl)) {
1046 if (proplist_has_encryption_props(props)) {
1047 ret = EINVAL;
1048 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1049 "Encryption feature not enabled."));
1050 goto out;
1051 }
1052
1053 ret = 0;
1054 goto out;
1055 }
1056 } else {
1057 /*
1058 * special case for root dataset where encryption feature
1059 * feature won't be on disk yet
1060 */
1061 if (!nvlist_exists(pool_props, "feature@encryption")) {
1062 if (proplist_has_encryption_props(props)) {
1063 ret = EINVAL;
1064 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1065 "Encryption feature not enabled."));
1066 goto out;
1067 }
1068
1069 ret = 0;
1070 goto out;
1071 }
1072
1073 pcrypt = ZIO_CRYPT_OFF;
1074 }
1075
1076 /* Get the inherited encryption property if we don't have it locally */
1077 if (!local_crypt)
1078 crypt = pcrypt;
1079
1080 /*
1081 * At this point crypt should be the actual encryption value. If
1082 * encryption is off just verify that no encryption properties have
1083 * been specified and return.
1084 */
1085 if (crypt == ZIO_CRYPT_OFF) {
1086 if (proplist_has_encryption_props(props)) {
1087 ret = EINVAL;
1088 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1089 "Encryption must be turned on to set encryption "
1090 "properties."));
1091 goto out;
1092 }
1093
1094 ret = 0;
1095 goto out;
1096 }
1097
1098 /*
1099 * If we have a parent crypt it is valid to specify encryption alone.
1100 * This will result in a child that is encrypted with the chosen
1101 * encryption suite that will also inherit the parent's key. If
1102 * the parent is not encrypted we need an encryption suite provided.
1103 */
1104 if (pcrypt == ZIO_CRYPT_OFF && keylocation == NULL &&
1105 keyformat == ZFS_KEYFORMAT_NONE) {
1106 ret = EINVAL;
1107 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1108 "Keyformat required for new encryption root."));
1109 goto out;
1110 }
1111
1112 /*
1113 * Specifying a keylocation implies this will be a new encryption root.
1114 * Check that a keyformat is also specified.
1115 */
1116 if (keylocation != NULL && keyformat == ZFS_KEYFORMAT_NONE) {
1117 ret = EINVAL;
1118 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1119 "Keyformat required for new encryption root."));
1120 goto out;
1121 }
1122
1123 /* default to prompt if no keylocation is specified */
1124 if (keyformat != ZFS_KEYFORMAT_NONE && keylocation == NULL) {
1125 keylocation = (char *)"prompt";
1126 ret = nvlist_add_string(props,
1127 zfs_prop_to_name(ZFS_PROP_KEYLOCATION), keylocation);
1128 if (ret != 0)
1129 goto out;
1130 }
1131
1132 /*
1133 * If a local key is provided, this dataset will be a new
1134 * encryption root. Populate the encryption params.
1135 */
1136 if (keylocation != NULL) {
1137 /*
1138 * 'zfs recv -o keylocation=prompt' won't work because stdin
1139 * is being used by the send stream, so we disallow it.
1140 */
1141 if (!stdin_available && strcmp(keylocation, "prompt") == 0) {
1142 ret = EINVAL;
1143 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "Cannot use "
1144 "'prompt' keylocation because stdin is in use."));
1145 goto out;
1146 }
1147
1148 ret = populate_create_encryption_params_nvlists(hdl, NULL,
1149 B_TRUE, keyformat, keylocation, props, &wkeydata,
1150 &wkeylen);
1151 if (ret != 0)
1152 goto out;
1153 }
1154
1155 if (pzhp != NULL)
1156 zfs_close(pzhp);
1157
1158 *wkeydata_out = wkeydata;
1159 *wkeylen_out = wkeylen;
1160 return (0);
1161
1162 out:
1163 if (pzhp != NULL)
1164 zfs_close(pzhp);
1165 if (wkeydata != NULL)
1166 free(wkeydata);
1167
1168 *wkeydata_out = NULL;
1169 *wkeylen_out = 0;
1170 return (ret);
1171 }
1172
1173 int
1174 zfs_crypto_clone_check(libzfs_handle_t *hdl, zfs_handle_t *origin_zhp,
1175 char *parent_name, nvlist_t *props)
1176 {
1177 (void) origin_zhp, (void) parent_name;
1178 char errbuf[ERRBUFLEN];
1179
1180 (void) snprintf(errbuf, sizeof (errbuf),
1181 dgettext(TEXT_DOMAIN, "Encryption clone error"));
1182
1183 /*
1184 * No encryption properties should be specified. They will all be
1185 * inherited from the origin dataset.
1186 */
1187 if (nvlist_exists(props, zfs_prop_to_name(ZFS_PROP_KEYFORMAT)) ||
1188 nvlist_exists(props, zfs_prop_to_name(ZFS_PROP_KEYLOCATION)) ||
1189 nvlist_exists(props, zfs_prop_to_name(ZFS_PROP_ENCRYPTION)) ||
1190 nvlist_exists(props, zfs_prop_to_name(ZFS_PROP_PBKDF2_ITERS))) {
1191 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1192 "Encryption properties must inherit from origin dataset."));
1193 return (EINVAL);
1194 }
1195
1196 return (0);
1197 }
1198
1199 typedef struct loadkeys_cbdata {
1200 uint64_t cb_numfailed;
1201 uint64_t cb_numattempted;
1202 } loadkey_cbdata_t;
1203
1204 static int
1205 load_keys_cb(zfs_handle_t *zhp, void *arg)
1206 {
1207 int ret;
1208 boolean_t is_encroot;
1209 loadkey_cbdata_t *cb = arg;
1210 uint64_t keystatus = zfs_prop_get_int(zhp, ZFS_PROP_KEYSTATUS);
1211
1212 /* only attempt to load keys for encryption roots */
1213 ret = zfs_crypto_get_encryption_root(zhp, &is_encroot, NULL);
1214 if (ret != 0 || !is_encroot)
1215 goto out;
1216
1217 /* don't attempt to load already loaded keys */
1218 if (keystatus == ZFS_KEYSTATUS_AVAILABLE)
1219 goto out;
1220
1221 /* Attempt to load the key. Record status in cb. */
1222 cb->cb_numattempted++;
1223
1224 ret = zfs_crypto_load_key(zhp, B_FALSE, NULL);
1225 if (ret)
1226 cb->cb_numfailed++;
1227
1228 out:
1229 (void) zfs_iter_filesystems(zhp, 0, load_keys_cb, cb);
1230 zfs_close(zhp);
1231
1232 /* always return 0, since this function is best effort */
1233 return (0);
1234 }
1235
1236 /*
1237 * This function is best effort. It attempts to load all the keys for the given
1238 * filesystem and all of its children.
1239 */
1240 int
1241 zfs_crypto_attempt_load_keys(libzfs_handle_t *hdl, const char *fsname)
1242 {
1243 int ret;
1244 zfs_handle_t *zhp = NULL;
1245 loadkey_cbdata_t cb = { 0 };
1246
1247 zhp = zfs_open(hdl, fsname, ZFS_TYPE_FILESYSTEM | ZFS_TYPE_VOLUME);
1248 if (zhp == NULL) {
1249 ret = ENOENT;
1250 goto error;
1251 }
1252
1253 ret = load_keys_cb(zfs_handle_dup(zhp), &cb);
1254 if (ret)
1255 goto error;
1256
1257 (void) printf(gettext("%llu / %llu keys successfully loaded\n"),
1258 (u_longlong_t)(cb.cb_numattempted - cb.cb_numfailed),
1259 (u_longlong_t)cb.cb_numattempted);
1260
1261 if (cb.cb_numfailed != 0) {
1262 ret = -1;
1263 goto error;
1264 }
1265
1266 zfs_close(zhp);
1267 return (0);
1268
1269 error:
1270 if (zhp != NULL)
1271 zfs_close(zhp);
1272 return (ret);
1273 }
1274
1275 int
1276 zfs_crypto_load_key(zfs_handle_t *zhp, boolean_t noop,
1277 const char *alt_keylocation)
1278 {
1279 int ret, attempts = 0;
1280 char errbuf[ERRBUFLEN];
1281 uint64_t keystatus, iters = 0, salt = 0;
1282 uint64_t keyformat = ZFS_KEYFORMAT_NONE;
1283 char prop_keylocation[MAXNAMELEN];
1284 char prop_encroot[MAXNAMELEN];
1285 const char *keylocation = NULL;
1286 uint8_t *key_material = NULL, *key_data = NULL;
1287 size_t key_material_len;
1288 boolean_t is_encroot, can_retry = B_FALSE, correctible = B_FALSE;
1289
1290 (void) snprintf(errbuf, sizeof (errbuf),
1291 dgettext(TEXT_DOMAIN, "Key load error"));
1292
1293 /* check that encryption is enabled for the pool */
1294 if (!encryption_feature_is_enabled(zhp->zpool_hdl)) {
1295 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1296 "Encryption feature not enabled."));
1297 ret = EINVAL;
1298 goto error;
1299 }
1300
1301 /* Fetch the keyformat. Check that the dataset is encrypted. */
1302 keyformat = zfs_prop_get_int(zhp, ZFS_PROP_KEYFORMAT);
1303 if (keyformat == ZFS_KEYFORMAT_NONE) {
1304 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1305 "'%s' is not encrypted."), zfs_get_name(zhp));
1306 ret = EINVAL;
1307 goto error;
1308 }
1309
1310 /*
1311 * Fetch the key location. Check that we are working with an
1312 * encryption root.
1313 */
1314 ret = zfs_crypto_get_encryption_root(zhp, &is_encroot, prop_encroot);
1315 if (ret != 0) {
1316 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1317 "Failed to get encryption root for '%s'."),
1318 zfs_get_name(zhp));
1319 goto error;
1320 } else if (!is_encroot) {
1321 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1322 "Keys must be loaded for encryption root of '%s' (%s)."),
1323 zfs_get_name(zhp), prop_encroot);
1324 ret = EINVAL;
1325 goto error;
1326 }
1327
1328 /*
1329 * if the caller has elected to override the keylocation property
1330 * use that instead
1331 */
1332 if (alt_keylocation != NULL) {
1333 keylocation = alt_keylocation;
1334 } else {
1335 ret = zfs_prop_get(zhp, ZFS_PROP_KEYLOCATION, prop_keylocation,
1336 sizeof (prop_keylocation), NULL, NULL, 0, B_TRUE);
1337 if (ret != 0) {
1338 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1339 "Failed to get keylocation for '%s'."),
1340 zfs_get_name(zhp));
1341 goto error;
1342 }
1343
1344 keylocation = prop_keylocation;
1345 }
1346
1347 /* check that the key is unloaded unless this is a noop */
1348 if (!noop) {
1349 keystatus = zfs_prop_get_int(zhp, ZFS_PROP_KEYSTATUS);
1350 if (keystatus == ZFS_KEYSTATUS_AVAILABLE) {
1351 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1352 "Key already loaded for '%s'."), zfs_get_name(zhp));
1353 ret = EEXIST;
1354 goto error;
1355 }
1356 }
1357
1358 /* passphrase formats require a salt and pbkdf2_iters property */
1359 if (keyformat == ZFS_KEYFORMAT_PASSPHRASE) {
1360 salt = zfs_prop_get_int(zhp, ZFS_PROP_PBKDF2_SALT);
1361 iters = zfs_prop_get_int(zhp, ZFS_PROP_PBKDF2_ITERS);
1362 }
1363
1364 try_again:
1365 /* fetching and deriving the key are correctable errors. set the flag */
1366 correctible = B_TRUE;
1367
1368 /* get key material from key format and location */
1369 ret = get_key_material(zhp->zfs_hdl, B_FALSE, B_FALSE, keyformat,
1370 keylocation, zfs_get_name(zhp), &key_material, &key_material_len,
1371 &can_retry);
1372 if (ret != 0)
1373 goto error;
1374
1375 /* derive a key from the key material */
1376 ret = derive_key(zhp->zfs_hdl, keyformat, iters, key_material, salt,
1377 &key_data);
1378 if (ret != 0)
1379 goto error;
1380
1381 correctible = B_FALSE;
1382
1383 /* pass the wrapping key and noop flag to the ioctl */
1384 ret = lzc_load_key(zhp->zfs_name, noop, key_data, WRAPPING_KEY_LEN);
1385 if (ret != 0) {
1386 switch (ret) {
1387 case EPERM:
1388 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1389 "Permission denied."));
1390 break;
1391 case EINVAL:
1392 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1393 "Invalid parameters provided for dataset %s."),
1394 zfs_get_name(zhp));
1395 break;
1396 case EEXIST:
1397 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1398 "Key already loaded for '%s'."), zfs_get_name(zhp));
1399 break;
1400 case EBUSY:
1401 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1402 "'%s' is busy."), zfs_get_name(zhp));
1403 break;
1404 case EACCES:
1405 correctible = B_TRUE;
1406 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1407 "Incorrect key provided for '%s'."),
1408 zfs_get_name(zhp));
1409 break;
1410 }
1411 goto error;
1412 }
1413
1414 free(key_material);
1415 free(key_data);
1416
1417 return (0);
1418
1419 error:
1420 zfs_error(zhp->zfs_hdl, EZFS_CRYPTOFAILED, errbuf);
1421 if (key_material != NULL) {
1422 free(key_material);
1423 key_material = NULL;
1424 }
1425 if (key_data != NULL) {
1426 free(key_data);
1427 key_data = NULL;
1428 }
1429
1430 /*
1431 * Here we decide if it is ok to allow the user to retry entering their
1432 * key. The can_retry flag will be set if the user is entering their
1433 * key from an interactive prompt. The correctable flag will only be
1434 * set if an error that occurred could be corrected by retrying. Both
1435 * flags are needed to allow the user to attempt key entry again
1436 */
1437 attempts++;
1438 if (can_retry && correctible && attempts < MAX_KEY_PROMPT_ATTEMPTS)
1439 goto try_again;
1440
1441 return (ret);
1442 }
1443
1444 int
1445 zfs_crypto_unload_key(zfs_handle_t *zhp)
1446 {
1447 int ret;
1448 char errbuf[ERRBUFLEN];
1449 char prop_encroot[MAXNAMELEN];
1450 uint64_t keystatus, keyformat;
1451 boolean_t is_encroot;
1452
1453 (void) snprintf(errbuf, sizeof (errbuf),
1454 dgettext(TEXT_DOMAIN, "Key unload error"));
1455
1456 /* check that encryption is enabled for the pool */
1457 if (!encryption_feature_is_enabled(zhp->zpool_hdl)) {
1458 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1459 "Encryption feature not enabled."));
1460 ret = EINVAL;
1461 goto error;
1462 }
1463
1464 /* Fetch the keyformat. Check that the dataset is encrypted. */
1465 keyformat = zfs_prop_get_int(zhp, ZFS_PROP_KEYFORMAT);
1466 if (keyformat == ZFS_KEYFORMAT_NONE) {
1467 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1468 "'%s' is not encrypted."), zfs_get_name(zhp));
1469 ret = EINVAL;
1470 goto error;
1471 }
1472
1473 /*
1474 * Fetch the key location. Check that we are working with an
1475 * encryption root.
1476 */
1477 ret = zfs_crypto_get_encryption_root(zhp, &is_encroot, prop_encroot);
1478 if (ret != 0) {
1479 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1480 "Failed to get encryption root for '%s'."),
1481 zfs_get_name(zhp));
1482 goto error;
1483 } else if (!is_encroot) {
1484 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1485 "Keys must be unloaded for encryption root of '%s' (%s)."),
1486 zfs_get_name(zhp), prop_encroot);
1487 ret = EINVAL;
1488 goto error;
1489 }
1490
1491 /* check that the key is loaded */
1492 keystatus = zfs_prop_get_int(zhp, ZFS_PROP_KEYSTATUS);
1493 if (keystatus == ZFS_KEYSTATUS_UNAVAILABLE) {
1494 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1495 "Key already unloaded for '%s'."), zfs_get_name(zhp));
1496 ret = EACCES;
1497 goto error;
1498 }
1499
1500 /* call the ioctl */
1501 ret = lzc_unload_key(zhp->zfs_name);
1502
1503 if (ret != 0) {
1504 switch (ret) {
1505 case EPERM:
1506 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1507 "Permission denied."));
1508 break;
1509 case EACCES:
1510 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1511 "Key already unloaded for '%s'."),
1512 zfs_get_name(zhp));
1513 break;
1514 case EBUSY:
1515 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1516 "'%s' is busy."), zfs_get_name(zhp));
1517 break;
1518 }
1519 zfs_error(zhp->zfs_hdl, EZFS_CRYPTOFAILED, errbuf);
1520 }
1521
1522 return (ret);
1523
1524 error:
1525 zfs_error(zhp->zfs_hdl, EZFS_CRYPTOFAILED, errbuf);
1526 return (ret);
1527 }
1528
1529 static int
1530 zfs_crypto_verify_rewrap_nvlist(zfs_handle_t *zhp, nvlist_t *props,
1531 nvlist_t **props_out, char *errbuf)
1532 {
1533 int ret;
1534 nvpair_t *elem = NULL;
1535 zfs_prop_t prop;
1536 nvlist_t *new_props = NULL;
1537
1538 new_props = fnvlist_alloc();
1539
1540 /*
1541 * loop through all provided properties, we should only have
1542 * keyformat, keylocation and pbkdf2iters. The actual validation of
1543 * values is done by zfs_valid_proplist().
1544 */
1545 while ((elem = nvlist_next_nvpair(props, elem)) != NULL) {
1546 const char *propname = nvpair_name(elem);
1547 prop = zfs_name_to_prop(propname);
1548
1549 switch (prop) {
1550 case ZFS_PROP_PBKDF2_ITERS:
1551 case ZFS_PROP_KEYFORMAT:
1552 case ZFS_PROP_KEYLOCATION:
1553 break;
1554 default:
1555 ret = EINVAL;
1556 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1557 "Only keyformat, keylocation and pbkdf2iters may "
1558 "be set with this command."));
1559 goto error;
1560 }
1561 }
1562
1563 new_props = zfs_valid_proplist(zhp->zfs_hdl, zhp->zfs_type, props,
1564 zfs_prop_get_int(zhp, ZFS_PROP_ZONED), NULL, zhp->zpool_hdl,
1565 B_TRUE, errbuf);
1566 if (new_props == NULL) {
1567 ret = EINVAL;
1568 goto error;
1569 }
1570
1571 *props_out = new_props;
1572 return (0);
1573
1574 error:
1575 nvlist_free(new_props);
1576 *props_out = NULL;
1577 return (ret);
1578 }
1579
1580 int
1581 zfs_crypto_rewrap(zfs_handle_t *zhp, nvlist_t *raw_props, boolean_t inheritkey)
1582 {
1583 int ret;
1584 char errbuf[ERRBUFLEN];
1585 boolean_t is_encroot;
1586 nvlist_t *props = NULL;
1587 uint8_t *wkeydata = NULL;
1588 uint_t wkeylen = 0;
1589 dcp_cmd_t cmd = (inheritkey) ? DCP_CMD_INHERIT : DCP_CMD_NEW_KEY;
1590 uint64_t crypt, pcrypt, keystatus, pkeystatus;
1591 uint64_t keyformat = ZFS_KEYFORMAT_NONE;
1592 zfs_handle_t *pzhp = NULL;
1593 char *keylocation = NULL;
1594 char origin_name[MAXNAMELEN];
1595 char prop_keylocation[MAXNAMELEN];
1596 char parent_name[ZFS_MAX_DATASET_NAME_LEN];
1597
1598 (void) snprintf(errbuf, sizeof (errbuf),
1599 dgettext(TEXT_DOMAIN, "Key change error"));
1600
1601 /* check that encryption is enabled for the pool */
1602 if (!encryption_feature_is_enabled(zhp->zpool_hdl)) {
1603 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1604 "Encryption feature not enabled."));
1605 ret = EINVAL;
1606 goto error;
1607 }
1608
1609 /* get crypt from dataset */
1610 crypt = zfs_prop_get_int(zhp, ZFS_PROP_ENCRYPTION);
1611 if (crypt == ZIO_CRYPT_OFF) {
1612 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1613 "Dataset not encrypted."));
1614 ret = EINVAL;
1615 goto error;
1616 }
1617
1618 /* get the encryption root of the dataset */
1619 ret = zfs_crypto_get_encryption_root(zhp, &is_encroot, NULL);
1620 if (ret != 0) {
1621 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1622 "Failed to get encryption root for '%s'."),
1623 zfs_get_name(zhp));
1624 goto error;
1625 }
1626
1627 /* Clones use their origin's key and cannot rewrap it */
1628 ret = zfs_prop_get(zhp, ZFS_PROP_ORIGIN, origin_name,
1629 sizeof (origin_name), NULL, NULL, 0, B_TRUE);
1630 if (ret == 0 && strcmp(origin_name, "") != 0) {
1631 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1632 "Keys cannot be changed on clones."));
1633 ret = EINVAL;
1634 goto error;
1635 }
1636
1637 /*
1638 * If the user wants to use the inheritkey variant of this function
1639 * we don't need to collect any crypto arguments.
1640 */
1641 if (!inheritkey) {
1642 /* validate the provided properties */
1643 ret = zfs_crypto_verify_rewrap_nvlist(zhp, raw_props, &props,
1644 errbuf);
1645 if (ret != 0)
1646 goto error;
1647
1648 /*
1649 * Load keyformat and keylocation from the nvlist. Fetch from
1650 * the dataset properties if not specified.
1651 */
1652 (void) nvlist_lookup_uint64(props,
1653 zfs_prop_to_name(ZFS_PROP_KEYFORMAT), &keyformat);
1654 (void) nvlist_lookup_string(props,
1655 zfs_prop_to_name(ZFS_PROP_KEYLOCATION), &keylocation);
1656
1657 if (is_encroot) {
1658 /*
1659 * If this is already an encryption root, just keep
1660 * any properties not set by the user.
1661 */
1662 if (keyformat == ZFS_KEYFORMAT_NONE) {
1663 keyformat = zfs_prop_get_int(zhp,
1664 ZFS_PROP_KEYFORMAT);
1665 ret = nvlist_add_uint64(props,
1666 zfs_prop_to_name(ZFS_PROP_KEYFORMAT),
1667 keyformat);
1668 if (ret != 0) {
1669 zfs_error_aux(zhp->zfs_hdl,
1670 dgettext(TEXT_DOMAIN, "Failed to "
1671 "get existing keyformat "
1672 "property."));
1673 goto error;
1674 }
1675 }
1676
1677 if (keylocation == NULL) {
1678 ret = zfs_prop_get(zhp, ZFS_PROP_KEYLOCATION,
1679 prop_keylocation, sizeof (prop_keylocation),
1680 NULL, NULL, 0, B_TRUE);
1681 if (ret != 0) {
1682 zfs_error_aux(zhp->zfs_hdl,
1683 dgettext(TEXT_DOMAIN, "Failed to "
1684 "get existing keylocation "
1685 "property."));
1686 goto error;
1687 }
1688
1689 keylocation = prop_keylocation;
1690 }
1691 } else {
1692 /* need a new key for non-encryption roots */
1693 if (keyformat == ZFS_KEYFORMAT_NONE) {
1694 ret = EINVAL;
1695 zfs_error_aux(zhp->zfs_hdl,
1696 dgettext(TEXT_DOMAIN, "Keyformat required "
1697 "for new encryption root."));
1698 goto error;
1699 }
1700
1701 /* default to prompt if no keylocation is specified */
1702 if (keylocation == NULL) {
1703 keylocation = (char *)"prompt";
1704 ret = nvlist_add_string(props,
1705 zfs_prop_to_name(ZFS_PROP_KEYLOCATION),
1706 keylocation);
1707 if (ret != 0)
1708 goto error;
1709 }
1710 }
1711
1712 /* fetch the new wrapping key and associated properties */
1713 ret = populate_create_encryption_params_nvlists(zhp->zfs_hdl,
1714 zhp, B_TRUE, keyformat, keylocation, props, &wkeydata,
1715 &wkeylen);
1716 if (ret != 0)
1717 goto error;
1718 } else {
1719 /* check that zhp is an encryption root */
1720 if (!is_encroot) {
1721 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1722 "Key inheritting can only be performed on "
1723 "encryption roots."));
1724 ret = EINVAL;
1725 goto error;
1726 }
1727
1728 /* get the parent's name */
1729 ret = zfs_parent_name(zhp, parent_name, sizeof (parent_name));
1730 if (ret != 0) {
1731 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1732 "Root dataset cannot inherit key."));
1733 ret = EINVAL;
1734 goto error;
1735 }
1736
1737 /* get a handle to the parent */
1738 pzhp = make_dataset_handle(zhp->zfs_hdl, parent_name);
1739 if (pzhp == NULL) {
1740 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1741 "Failed to lookup parent."));
1742 ret = ENOENT;
1743 goto error;
1744 }
1745
1746 /* parent must be encrypted */
1747 pcrypt = zfs_prop_get_int(pzhp, ZFS_PROP_ENCRYPTION);
1748 if (pcrypt == ZIO_CRYPT_OFF) {
1749 zfs_error_aux(pzhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1750 "Parent must be encrypted."));
1751 ret = EINVAL;
1752 goto error;
1753 }
1754
1755 /* check that the parent's key is loaded */
1756 pkeystatus = zfs_prop_get_int(pzhp, ZFS_PROP_KEYSTATUS);
1757 if (pkeystatus == ZFS_KEYSTATUS_UNAVAILABLE) {
1758 zfs_error_aux(pzhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1759 "Parent key must be loaded."));
1760 ret = EACCES;
1761 goto error;
1762 }
1763 }
1764
1765 /* check that the key is loaded */
1766 keystatus = zfs_prop_get_int(zhp, ZFS_PROP_KEYSTATUS);
1767 if (keystatus == ZFS_KEYSTATUS_UNAVAILABLE) {
1768 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1769 "Key must be loaded."));
1770 ret = EACCES;
1771 goto error;
1772 }
1773
1774 /* call the ioctl */
1775 ret = lzc_change_key(zhp->zfs_name, cmd, props, wkeydata, wkeylen);
1776 if (ret != 0) {
1777 switch (ret) {
1778 case EPERM:
1779 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1780 "Permission denied."));
1781 break;
1782 case EINVAL:
1783 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1784 "Invalid properties for key change."));
1785 break;
1786 case EACCES:
1787 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1788 "Key is not currently loaded."));
1789 break;
1790 }
1791 zfs_error(zhp->zfs_hdl, EZFS_CRYPTOFAILED, errbuf);
1792 }
1793
1794 if (pzhp != NULL)
1795 zfs_close(pzhp);
1796 if (props != NULL)
1797 nvlist_free(props);
1798 if (wkeydata != NULL)
1799 free(wkeydata);
1800
1801 return (ret);
1802
1803 error:
1804 if (pzhp != NULL)
1805 zfs_close(pzhp);
1806 if (props != NULL)
1807 nvlist_free(props);
1808 if (wkeydata != NULL)
1809 free(wkeydata);
1810
1811 zfs_error(zhp->zfs_hdl, EZFS_CRYPTOFAILED, errbuf);
1812 return (ret);
1813 }
OpenZFS on Linux and FreeBSD